All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Add-on Builder Checkpoint issues

guarisma
Contributor
‎07-17-2019 01:42 PM

Hello,

I'm creating a REST input for my Add-on, the REST call goes like this

https://api.domain.com/get/me/logs?oldest=<date+time in epoch (secs)>

My Events look something like this:

  {"events": [  { "date": 1561939200, "id": "1234-6678-09982", "data": "Someone did something to this setting"},  { "date": 1561939100, "id": "1234-6678-09982", "data": "Someone else did something to this other setting"}, {...}]}

So my checkpoint path is events[0].date since the first event in the array is the latest one.

I set the interval for 300 sec (5 min)

But when ever the Script runs again, it repeats the last event and grab the new ones after, in that example I would find { "date": 1561939200, "id": "1234-6678-09982", "data": "Someone did something to this setting"} twice in Splunk.

How can I make it increment so it won't index the last event again?

Tags (1)
0 Karma
Reply

ArtiParty
Loves-to-Learn
‎01-25-2025 08:39 AM

I'm having the same issues, any resolution?

0 Karma
Reply

marnall
Motivator
‎01-25-2025 12:58 PM

Can you increment the checkpoint number by one before saving it using the helper functions in the add-on builder? This should prevent it from getting the last event multiple times when there are no new events after the last checkpoint.

0 Karma
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...